ansible 配置文件设置
一、ansible configuration settings
ansible支持多种形式,对它进行配置,其中包括命令行配置、配置文件配置(ansible.cfg)、直接修改linux环境变量、以及playbook中使用变量去修改ansible配置。总共4种表现形式。
二、ansible 配置文件查找顺序(从上到下,依次查找)
ANSIBLE_CONFIG用来设置配置文件所在位置ansible.cfg(在当前执行命令的目录下,是否有ansible.cfg)~/.ansible.cfg(查找家目录下是否有.ansible.cfg文件)/etc/ansible/ansible.cfg(查找etc下面是否有ansible.cfg配置文件)
ansible 将使用第一个查找到的配置文件,其他的将被忽略。
ansible配置文件使用
#和;来进行注释;如果是内联注释,只允许使用;# some basic default values... inventory = /etc/ansible/hosts ; This points to the file that lists your hosts
三、附录ansible配置参数
官网所有可配置参数:
https://docs.ansible.com/ansible/latest/reference_appendices/config.html
ACTION_WARNINGS:
default: true
description: [By default Ansible will issue a warning when received from a task
action (module or action plugin), These warnings can be silenced by adjusting
this setting to False.]
env:
- {name: ANSIBLE_ACTION_WARNINGS}
ini:
- {key: action_warnings, section: defaults}
name: Toggle action warnings
type: boolean
version_added: '2.5'
AGNOSTIC_BECOME_PROMPT:
default: true
description: Display an agnostic become prompt instead of displaying a prompt containing
the command line supplied become method
env:
- {name: ANSIBLE_AGNOSTIC_BECOME_PROMPT}
ini:
- {key: agnostic_become_prompt, section: privilege_escalation}
name: Display an agnostic become prompt
type: boolean
version_added: '2.5'
yaml: {key: privilege_escalation.agnostic_become_prompt}
ALLOW_WORLD_READABLE_TMPFILES:
default: false
description: [This makes the temporary files created on the machine to be world
readable and will issue a warning instead of failing the task., It is useful
when becoming an unprivileged user.]
env: []
ini:
- {key: allow_world_readable_tmpfiles, section: defaults}
name: Allow world readable temporary files
type: boolean
version_added: '2.1'
yaml: {key: defaults.allow_world_readable_tmpfiles}
ANSIBLE_CONNECTION_PATH:
default: null
description: [Specify where to look for the ansible-connection script. This location
will be checked before searching $PATH., 'If null, ansible will start with the
same directory as the ansible script.']
env:
- {name: ANSIBLE_CONNECTION_PATH}
ini:
- {key: ansible_connection_path, section: persistent_connection}
name: Path of ansible-connection script
type: path
version_added: '2.8'
yaml: {key: persistent_connection.ansible_connection_path}
ANSIBLE_COW_PATH:
default: null
description: Specify a custom cowsay path or swap in your cowsay implementation
of choice
env:
- {name: ANSIBLE_COW_PATH}
ini:
- {key: cowpath, section: defaults}
name: Set path to cowsay command
type: string
yaml: {key: display.cowpath}
ANSIBLE_COW_SELECTION:
default: default
description: This allows you to chose a specific cowsay stencil for the banners
or use 'random' to cycle through them.
env:
- {name: ANSIBLE_COW_SELECTION}
ini:
- {key: cow_selection, section: defaults}
name: Cowsay filter selection
ANSIBLE_COW_WHITELIST:
default: [bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake,
elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren,
sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux,
udder, vader-koala, vader, www]
description: White list of cowsay templates that are 'safe' to use, set to empty
list if you want to enable all installed templates.
env:
- {name: ANSIBLE_COW_WHITELIST}
ini:
- {key: cow_whitelist, section: defaults}
name: Cowsay filter whitelist
type: list
yaml: {key: display.cowsay_whitelist}
ANSIBLE_FORCE_COLOR:
default: false
description: This options forces color mode even when running without a TTY or the
"nocolor" setting is True.
env:
- {name: ANSIBLE_FORCE_COLOR}
ini:
- {key: force_color, section: defaults}
name: Force color output
type: boolean
yaml: {key: display.force_color}
ANSIBLE_NOCOLOR:
default: false
description: This setting allows suppressing colorizing output, which is used to
give a better indication of failure and status information.
env:
- {name: ANSIBLE_NOCOLOR}
ini:
- {key: nocolor, section: defaults}
name: Suppress color output
type: boolean
yaml: {key: display.nocolor}
ANSIBLE_NOCOWS:
default: false
description: If you have cowsay installed but want to avoid the 'cows' (why????),
use this.
env:
- {name: ANSIBLE_NOCOWS}
ini:
- {key: nocows, section: defaults}
name: Suppress cowsay output
type: boolean
yaml: {key: display.i_am_no_fun}
ANSIBLE_PIPELINING:
default: false
description: ['Pipelining, if supported by the connection plugin, reduces the number
of network operations required to execute a module on the remote server, by
executing many Ansible modules without actual file transfer.', This can result
in a very significant performance improvement when enabled., 'However this conflicts
with privilege escalation (become). For example, when using ''sudo:'' operations
you must first disable ''requiretty'' in /etc/sudoers on all managed hosts,
which is why it is disabled by default.', This options is disabled if ``ANSIBLE_KEEP_REMOTE_FILES``
is enabled.]
env:
- {name: ANSIBLE_PIPELINING}
- {name: ANSIBLE_SSH_PIPELINING}
ini:
- {key: pipelining, section: connection}
- {key: pipelining, section: ssh_connection}
name: Connection pipelining
type: boolean
yaml: {key: plugins.connection.pipelining}
ANSIBLE_SSH_ARGS:
default: -C -o ControlMaster=auto -o ControlPersist=60s
description: ['If set, this will override the Ansible default ssh arguments.', 'In
particular, users may wish to raise the ControlPersist time to encourage performance. A
value of 30 minutes may be appropriate.', 'Be aware that if `-o ControlPath`
is set in ssh_args, the control path setting is not used.']
env:
- {name: ANSIBLE_SSH_ARGS}
ini:
- {key: ssh_args, section: ssh_connection}
yaml: {key: ssh_connection.ssh_args}
ANSIBLE_SSH_CONTROL_PATH:
default: null
description: ['This is the location to save ssh''s ControlPath sockets, it uses
ssh''s variable substitution.', 'Since 2.3, if null, ansible will generate a
unique hash. Use `%(directory)s` to indicate where to use the control dir path
setting.', Before 2.3 it defaulted to `control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r`.,
Be aware that this setting is ignored if `-o ControlPath` is set in ssh args.]
env:
- {name: ANSIBLE_SSH_CONTROL_PATH}
ini:
- {key: control_path, section: ssh_connection}
yaml: {key: ssh_connection.control_path}
ANSIBLE_SSH_CONTROL_PATH_DIR:
default: ~/.ansible/cp
description: [This sets the directory to use for ssh control path if the control
path setting is null., 'Also, provides the `%(directory)s` variable for the
control path setting.']
env:
- {name: ANSIBLE_SSH_CONTROL_PATH_DIR}
ini:
- {key: control_path_dir, section: ssh_connection}
yaml: {key: ssh_connection.control_path_dir}
ANSIBLE_SSH_EXECUTABLE:
default: ssh
description: [This defines the location of the ssh binary. It defaults to `ssh`
which will use the first ssh binary available in $PATH., 'This option is usually
not required, it might be useful when access to system ssh is restricted, or
when using ssh wrappers to connect to remote hosts.']
env:
- {name: ANSIBLE_SSH_EXECUTABLE}
ini:
- {key: ssh_executable, section: ssh_connection}
version_added: '2.2'
yaml: {key: ssh_connection.ssh_executable}
ANSIBLE_SSH_RETRIES:
default: 0
description: Number of attempts to establish a connection before we give up and
report the host as 'UNREACHABLE'
env:
- {name: ANSIBLE_SSH_RETRIES}
ini:
- {key: retries, section: ssh_connection}
type: integer
yaml: {key: ssh_connection.retries}
ANY_ERRORS_FATAL:
default: false
description: Sets the default value for the any_errors_fatal keyword, if True, Task
failures will be considered fatal errors.
env:
- {name: ANSIBLE_ANY_ERRORS_FATAL}
ini:
- {key: any_errors_fatal, section: defaults}
name: Make Task failures fatal
type: boolean
version_added: '2.4'
yaml: {key: errors.any_task_errors_fatal}
BECOME_ALLOW_SAME_USER:
default: false
description: This setting controls if become is skipped when remote user and become
user are the same. I.E root sudo to root.
env:
- {name: ANSIBLE_BECOME_ALLOW_SAME_USER}
ini:
- {key: become_allow_same_user, section: privilege_escalation}
name: Allow becoming the same user
type: boolean
yaml: {key: privilege_escalation.become_allow_same_user}
BECOME_PLUGIN_PATH:
default: ~/.ansible/plugins/become:/usr/share/ansible/plugins/become
description: Colon separated paths in which Ansible will search for Become Plugins.
env:
- {name: ANSIBLE_BECOME_PLUGINS}
ini:
- {key: become_plugins, section: defaults}
name: Become plugins path
type: pathspec
version_added: '2.8'
CACHE_PLUGIN:
default: memory
description: Chooses which cache plugin to use, the default 'memory' is ephimeral.
env:
- {name: ANSIBLE_CACHE_PLUGIN}
ini:
- {key: fact_caching, section: defaults}
name: Persistent Cache plugin
yaml: {key: facts.cache.plugin}
CACHE_PLUGIN_CONNECTION:
default: null
description: Defines connection or path information for the cache plugin
env:
- {name: ANSIBLE_CACHE_PLUGIN_CONNECTION}
ini:
- {key: fact_caching_connection, section: defaults}
name: Cache Plugin URI
yaml: {key: facts.cache.uri}
CACHE_PLUGIN_PREFIX:
default: ansible_facts
description: Prefix to use for cache plugin files/tables
env:
- {name: ANSIBLE_CACHE_PLUGIN_PREFIX}
ini:
- {key: fact_caching_prefix, section: defaults}
name: Cache Plugin table prefix
yaml: {key: facts.cache.prefix}
CACHE_PLUGIN_TIMEOUT:
default: 86400
description: Expiration timeout for the cache plugin data
env:
- {name: ANSIBLE_CACHE_PLUGIN_TIMEOUT}
ini:
- {key: fact_caching_timeout, section: defaults}
name: Cache Plugin expiration timeout
type: integer
yaml: {key: facts.cache.timeout}
COLLECTIONS_PATHS:
default: ~/.ansible/collections:/usr/share/ansible/collections
env:
- {name: ANSIBLE_COLLECTIONS_PATHS}
ini:
- {key: collections_paths, section: defaults}
name: ordered list of root paths for loading installed Ansible collections content
type: pathspec
COLOR_CHANGED:
default: yellow
description: Defines the color to use on 'Changed' task status
env:
- {name: ANSIBLE_COLOR_CHANGED}
ini:
- {key: changed, section: colors}
name: Color for 'changed' task status
yaml: {key: display.colors.changed}
COLOR_CONSOLE_PROMPT:
default: white
description: Defines the default color to use for ansible-console
env:
- {name: ANSIBLE_COLOR_CONSOLE_PROMPT}
ini:
- {key: console_prompt, section: colors}
name: Color for ansible-console's prompt task status
version_added: '2.7'
COLOR_DEBUG:
default: dark gray
description: Defines the color to use when emitting debug messages
env:
- {name: ANSIBLE_COLOR_DEBUG}
ini:
- {key: debug, section: colors}
name: Color for debug statements
yaml: {key: display.colors.debug}
COLOR_DEPRECATE:
default: purple
description: Defines the color to use when emitting deprecation messages
env:
- {name: ANSIBLE_COLOR_DEPRECATE}
ini:
- {key: deprecate, section: colors}
name: Color for deprecation messages
yaml: {key: display.colors.deprecate}
COLOR_DIFF_ADD:
default: green
description: Defines the color to use when showing added lines in diffs
env:
- {name: ANSIBLE_COLOR_DIFF_ADD}
ini:
- {key: diff_add, section: colors}
name: Color for diff added display
yaml: {key: display.colors.diff.add}
COLOR_DIFF_LINES:
default: cyan
description: Defines the color to use when showing diffs
env:
- {name: ANSIBLE_COLOR_DIFF_LINES}
ini:
- {key: diff_lines, section: colors}
name: Color for diff lines display
COLOR_DIFF_REMOVE:
default: red
description: Defines the color to use when showing removed lines in diffs
env:
- {name: ANSIBLE_COLOR_DIFF_REMOVE}
ini:
- {key: diff_remove, section: colors}
name: Color for diff removed display
COLOR_ERROR:
default: red
description: Defines the color to use when emitting error messages
env:
- {name: ANSIBLE_COLOR_ERROR}
ini:
- {key: error, section: colors}
name: Color for error messages
yaml: {key: colors.error}
COLOR_HIGHLIGHT:
default: white
description: Defines the color to use for highlighting
env:
- {name: ANSIBLE_COLOR_HIGHLIGHT}
ini:
- {key: highlight, section: colors}
name: Color for highlighting
COLOR_OK:
default: green
description: Defines the color to use when showing 'OK' task status
env:
- {name: ANSIBLE_COLOR_OK}
ini:
- {key: ok, section: colors}
name: Color for 'ok' task status
COLOR_SKIP:
default: cyan
description: Defines the color to use when showing 'Skipped' task status
env:
- {name: ANSIBLE_COLOR_SKIP}
ini:
- {key: skip, section: colors}
name: Color for 'skip' task status
COLOR_UNREACHABLE:
default: bright red
description: Defines the color to use on 'Unreachable' status
env:
- {name: ANSIBLE_COLOR_UNREACHABLE}
ini:
- {key: unreachable, section: colors}
name: Color for 'unreachable' host state
COLOR_VERBOSE:
default: blue
description: Defines the color to use when emitting verbose messages. i.e those
that show with '-v's.
env:
- {name: ANSIBLE_COLOR_VERBOSE}
ini:
- {key: verbose, section: colors}
name: Color for verbose messages
COLOR_WARN:
default: bright purple
description: Defines the color to use when emitting warning messages
env:
- {name: ANSIBLE_COLOR_WARN}
ini:
- {key: warn, section: colors}
name: Color for warning messages
COMMAND_WARNINGS:
default: true
description: [By default Ansible will issue a warning when the shell or command
module is used and the command appears to be similar to an existing Ansible
module., These warnings can be silenced by adjusting this setting to False.
You can also control this at the task level with the module option ``warn``.]
env:
- {name: ANSIBLE_COMMAND_WARNINGS}
ini:
- {key: command_warnings, section: defaults}
name: Command module warnings
type: boolean
version_added: '1.8'
CONDITIONAL_BARE_VARS:
default: true
description: ['With this setting on (True), running conditional evaluation ''var''
is treated differently than ''var.subkey'' as the first is evaluated directly
while the second goes through the Jinja2 parser. But ''false'' strings in ''var''
get evaluated as booleans.', With this setting off they both evaluate the same
but in cases in which 'var' was 'false' (a string) it won't get evaluated as
a boolean anymore., Currently this setting defaults to 'True' but will soon
change to 'False' and the setting itself will be removed in the future., Expect
the default to change in version 2.10 and that this setting eventually will
be deprecated after 2.12]
env:
- {name: ANSIBLE_CONDITIONAL_BARE_VARS}
ini:
- {key: conditional_bare_variables, section: defaults}
name: Allow bare variable evaluation in conditionals
type: boolean
version_added: '2.8'
CONNECTION_FACTS_MODULES:
default: {eos: eos_facts, frr: frr_facts, ios: ios_facts, iosxr: iosxr_facts, junos: junos_facts,
nxos: nxos_facts, vyos: vyos_facts}
description: Which modules to run during a play's fact gathering stage based on
connection
env:
- {name: ANSIBLE_CONNECTION_FACTS_MODULES}
ini:
- {key: connection_facts_modules, section: defaults}
name: Map of connections to fact modules
type: dict
DEFAULT_ACTION_PLUGIN_PATH:
default: ~/.ansible/plugins/action:/usr/share/ansible/plugins/action
description: Colon separated paths in which Ansible will search for Action Plugins.
env:
- {name: ANSIBLE_ACTION_PLUGINS}
ini:
- {key: action_plugins, section: defaults}
name: Action plugins path
type: pathspec
yaml: {key: plugins.action.path}
DEFAULT_ALLOW_UNSAFE_LOOKUPS:
default: false
description: ['When enabled, this option allows lookup plugins (whether used in
variables as ``{{lookup(''foo'')}}`` or as a loop as with_foo) to return data
that is not marked ''unsafe''.', 'By default, such data is marked as unsafe
to prevent the templating engine from evaluating any jinja2 templating language,
as this could represent a security risk. This option is provided to allow for
backwards-compatibility, however users should first consider adding allow_unsafe=True
to any lookups which may be expected to contain data which may be run through
the templating engine late']
env: []
ini:
- {key: allow_unsafe_lookups, section: defaults}
name: Allow unsafe lookups
type: boolean
version_added: 2.2.3
DEFAULT_ASK_PASS:
default: false
description: ['This controls whether an Ansible playbook should prompt for a login
password. If using SSH keys for authentication, you probably do not needed to
change this setting.']
env:
- {name: ANSIBLE_ASK_PASS}
ini:
- {key: ask_pass, section: defaults}
name: Ask for the login password
type: boolean
yaml: {key: defaults.ask_pass}
DEFAULT_ASK_SUDO_PASS:
default: false
deprecated: {alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_ask_pass.'}
description: [This controls whether an Ansible playbook should prompt for a sudo
password.]
env:
- {name: ANSIBLE_ASK_SUDO_PASS}
ini:
- {key: ask_sudo_pass, section: defaults}
name: Ask for the sudo password
type: boolean
DEFAULT_ASK_SU_PASS:
default: false
deprecated: {alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_ask_pass.'}
description: [This controls whether an Ansible playbook should prompt for a su password.]
env:
- {name: ANSIBLE_ASK_SU_PASS}
ini:
- {key: ask_su_pass, section: defaults}
name: Ask for the su password
type: boolean
DEFAULT_ASK_VAULT_PASS:
default: false
description: [This controls whether an Ansible playbook should prompt for a vault
password.]
env:
- {name: ANSIBLE_ASK_VAULT_PASS}
ini:
- {key: ask_vault_pass, section: defaults}
name: Ask for the vault password(s)
type: boolean
DEFAULT_BECOME:
default: false
description: Toggles the use of privilege escalation, allowing you to 'become' another
user after login.
env:
- {name: ANSIBLE_BECOME}
ini:
- {key: become, section: privilege_escalation}
name: Enable privilege escalation (become)
type: boolean
DEFAULT_BECOME_ASK_PASS:
default: false
description: Toggle to prompt for privilege escalation password.
env:
- {name: ANSIBLE_BECOME_ASK_PASS}
ini:
- {key: become_ask_pass, section: privilege_escalation}
name: Ask for the privilege escalation (become) password
type: boolean
DEFAULT_BECOME_EXE:
default: null
description: executable to use for privilege escalation, otherwise Ansible will
depend on PATH
env:
- {name: ANSIBLE_BECOME_EXE}
ini:
- {key: become_exe, section: privilege_escalation}
name: Choose 'become' executable
DEFAULT_BECOME_FLAGS:
default: ''
description: Flags to pass to the privilege escalation executable.
env:
- {name: ANSIBLE_BECOME_FLAGS}
ini:
- {key: become_flags, section: privilege_escalation}
name: Set 'become' executable options
DEFAULT_BECOME_METHOD:
default: sudo
description: Privilege escalation method to use when `become` is enabled.
env:
- {name: ANSIBLE_BECOME_METHOD}
ini:
- {key: become_method, section: privilege_escalation}
name: Choose privilege escalation method
DEFAULT_BECOME_USER:
default: root
description: The user your login/remote user 'becomes' when using privilege escalation,
most systems will use 'root' when no user is specified.
env:
- {name: ANSIBLE_BECOME_USER}
ini:
- {key: become_user, section: privilege_escalation}
name: Set the user you 'become' via privilege escalation
yaml: {key: become.user}
DEFAULT_CACHE_PLUGIN_PATH:
default: ~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache
description: Colon separated paths in which Ansible will search for Cache Plugins.
env:
- {name: ANSIBLE_CACHE_PLUGINS}
ini:
- {key: cache_plugins, section: defaults}
name: Cache Plugins Path
type: pathspec
DEFAULT_CALLABLE_WHITELIST:
default: []
description: Whitelist of callable methods to be made available to template evaluation
env:
- {name: ANSIBLE_CALLABLE_WHITELIST}
ini:
- {key: callable_whitelist, section: defaults}
name: Template 'callable' whitelist
type: list
DEFAULT_CALLBACK_PLUGIN_PATH:
default: ~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback
description: Colon separated paths in which Ansible will search for Callback Plugins.
env:
- {name: ANSIBLE_CALLBACK_PLUGINS}
ini:
- {key: callback_plugins, section: defaults}
name: Callback Plugins Path
type: pathspec
yaml: {key: plugins.callback.path}
DEFAULT_CALLBACK_WHITELIST:
default: []
description: ['List of whitelisted callbacks, not all callbacks need whitelisting,
but many of those shipped with Ansible do as we don''t want them activated by
default.']
env:
- {name: ANSIBLE_CALLBACK_WHITELIST}
ini:
- {key: callback_whitelist, section: defaults}
name: Callback Whitelist
type: list
yaml: {key: plugins.callback.whitelist}
DEFAULT_CLICONF_PLUGIN_PATH:
default: ~/.ansible/plugins/cliconf:/usr/share/ansible/plugins/cliconf
description: Colon separated paths in which Ansible will search for Cliconf Plugins.
env:
- {name: ANSIBLE_CLICONF_PLUGINS}
ini:
- {key: cliconf_plugins, section: defaults}
name: Cliconf Plugins Path
type: pathspec
DEFAULT_CONNECTION_PLUGIN_PATH:
default: ~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection
description: Colon separated paths in which Ansible will search for Connection Plugins.
env:
- {name: ANSIBLE_CONNECTION_PLUGINS}
ini:
- {key: connection_plugins, section: defaults}
name: Connection Plugins Path
type: pathspec
yaml: {key: plugins.connection.path}
DEFAULT_DEBUG:
default: false
description: ['Toggles debug output in Ansible. This is *very* verbose and can hinder
multiprocessing. Debug output can also include secret information despite no_log
settings being enabled, which means debug mode should not be used in production.']
env:
- {name: ANSIBLE_DEBUG}
ini:
- {key: debug, section: defaults}
name: Debug mode
type: boolean
DEFAULT_EXECUTABLE:
default: /bin/sh
description: ['This indicates the command to use to spawn a shell under for Ansible''s
execution needs on a target. Users may need to change this in rare instances
when shell usage is constrained, but in most cases it may be left as is.']
env:
- {name: ANSIBLE_EXECUTABLE}
ini:
- {key: executable, section: defaults}
name: Target shell executable
DEFAULT_FACT_PATH:
default: null
description: [This option allows you to globally configure a custom path for 'local_facts'
for the implied M(setup) task when using fact gathering., 'If not set, it will
fallback to the default from the M(setup) module: ``/etc/ansible/facts.d``.',
This does **not** affect user defined tasks that use the M(setup) module.]
env:
- {name: ANSIBLE_FACT_PATH}
ini:
- {key: fact_path, section: defaults}
name: local fact path
type: path
yaml: {key: facts.gathering.fact_path}
DEFAULT_FILTER_PLUGIN_PATH:
default: ~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter
description: Colon separated paths in which Ansible will search for Jinja2 Filter
Plugins.
env:
- {name: ANSIBLE_FILTER_PLUGINS}
ini:
- {key: filter_plugins, section: defaults}
name: Jinja2 Filter Plugins Path
type: pathspec
DEFAULT_FORCE_HANDLERS:
default: false
description: [This option controls if notified handlers run on a host even if a
failure occurs on that host., 'When false, the handlers will not run if a failure
has occurred on a host.', This can also be set per play or on the command line.
See Handlers and Failure for more details.]
env:
- {name: ANSIBLE_FORCE_HANDLERS}
ini:
- {key: force_handlers, section: defaults}
name: Force handlers to run after failure
type: boolean
version_added: 1.9.1
DEFAULT_FORKS:
default: 5
description: Maximum number of forks Ansible will use to execute tasks on target
hosts.
env:
- {name: ANSIBLE_FORKS}
ini:
- {key: forks, section: defaults}
name: Number of task forks
type: integer
DEFAULT_GATHERING:
choices: [smart, explicit, implicit]
default: implicit
description: [This setting controls the default policy of fact gathering (facts
discovered about remote systems)., 'When ''implicit'' (the default), the cache
plugin will be ignored and facts will be gathered per play unless ''gather_facts:
False'' is set.', 'When ''explicit'' the inverse is true, facts will not be
gathered unless directly requested in the play.', 'The ''smart'' value means
each new host that has no facts discovered will be scanned, but if the same
host is addressed in multiple plays it will not be contacted again in the playbook
run.', This option can be useful for those wishing to save fact gathering time.
Both 'smart' and 'explicit' will use the cache plugin.]
env:
- {name: ANSIBLE_GATHERING}
ini:
- {key: gathering, section: defaults}
name: Gathering behaviour
version_added: '1.6'
DEFAULT_GATHER_SUBSET:
default: [all]
description: [Set the `gather_subset` option for the M(setup) task in the implicit
fact gathering. See the module documentation for specifics., It does **not**
apply to user defined M(setup) tasks.]
env:
- {name: ANSIBLE_GATHER_SUBSET}
ini:
- {key: gather_subset, section: defaults}
name: Gather facts subset
type: list
version_added: '2.1'
DEFAULT_GATHER_TIMEOUT:
default: 10
description: [Set the timeout in seconds for the implicit fact gathering., It does
**not** apply to user defined M(setup) tasks.]
env:
- {name: ANSIBLE_GATHER_TIMEOUT}
ini:
- {key: gather_timeout, section: defaults}
name: Gather facts timeout
type: integer
yaml: {key: defaults.gather_timeout}
DEFAULT_HANDLER_INCLUDES_STATIC:
default: false
deprecated: {alternatives: none as its already built into the decision between include_tasks
and import_tasks, version: '2.12', why: include itself is deprecated and this
setting will not matter in the future}
description: ['Since 2.0 M(include) can be ''dynamic'', this setting (if True) forces
that if the include appears in a ``handlers`` section to be ''static''.']
env:
- {name: ANSIBLE_HANDLER_INCLUDES_STATIC}
ini:
- {key: handler_includes_static, section: defaults}
name: Make handler M(include) static
type: boolean
DEFAULT_HASH_BEHAVIOUR:
choices: [replace, merge]
default: replace
description: ['This setting controls how variables merge in Ansible. By default
Ansible will override variables in specific precedence orders, as described
in Variables. When a variable of higher precedence wins, it will replace the
other value.', 'Some users prefer that variables that are hashes (aka ''dictionaries''
in Python terms) are merged. This setting is called ''merge''. This is not the
default behavior and it does not affect variables whose values are scalars (integers,
strings) or arrays. We generally recommend not using this setting unless you
think you have an absolute need for it, and playbooks in the official examples
repos do not use this setting', In version 2.0 a ``combine`` filter was added
to allow doing this for a particular variable (described in Filters).]
env:
- {name: ANSIBLE_HASH_BEHAVIOUR}
ini:
- {key: hash_behaviour, section: defaults}
name: Hash merge behaviour
type: string
DEFAULT_HOST_LIST:
default: /etc/ansible/hosts
description: Comma separated list of Ansible inventory sources
env:
- {name: ANSIBLE_INVENTORY}
expand_relative_paths: true
ini:
- {key: inventory, section: defaults}
name: Inventory Source
type: pathlist
yaml: {key: defaults.inventory}
DEFAULT_HTTPAPI_PLUGIN_PATH:
default: ~/.ansible/plugins/httpapi:/usr/share/ansible/plugins/httpapi
description: Colon separated paths in which Ansible will search for HttpApi Plugins.
env:
- {name: ANSIBLE_HTTPAPI_PLUGINS}
ini:
- {key: httpapi_plugins, section: defaults}
name: HttpApi Plugins Path
type: pathspec
DEFAULT_INTERNAL_POLL_INTERVAL:
default: 0.001
description: ['This sets the interval (in seconds) of Ansible internal processes
polling each other. Lower values improve performance with large playbooks at
the expense of extra CPU load. Higher values are more suitable for Ansible usage
in automation scenarios, when UI responsiveness is not required but CPU usage
might be a concern.', The default corresponds to the value hardcoded in Ansible
<= 2.1]
env: []
ini:
- {key: internal_poll_interval, section: defaults}
name: Internal poll interval
type: float
version_added: '2.2'
DEFAULT_INVENTORY_PLUGIN_PATH:
default: ~/.ansible/plugins/inventory:/usr/share/ansible/plugins/inventory
description: Colon separated paths in which Ansible will search for Inventory Plugins.
env:
- {name: ANSIBLE_INVENTORY_PLUGINS}
ini:
- {key: inventory_plugins, section: defaults}
name: Inventory Plugins Path
type: pathspec
DEFAULT_JINJA2_EXTENSIONS:
default: []
description: [This is a developer-specific feature that allows enabling additional
Jinja2 extensions., 'See the Jinja2 documentation for details. If you do not
know what these do, you probably don''t need to change this setting :)']
env:
- {name: ANSIBLE_JINJA2_EXTENSIONS}
ini:
- {key: jinja2_extensions, section: defaults}
name: Enabled Jinja2 extensions
DEFAULT_JINJA2_NATIVE:
default: false
description: This option preserves variable types during template operations. This
requires Jinja2 >= 2.10.
env:
- {name: ANSIBLE_JINJA2_NATIVE}
ini:
- {key: jinja2_native, section: defaults}
name: Use Jinja2's NativeEnvironment for templating
type: boolean
version_added: 2.7
yaml: {key: jinja2_native}
DEFAULT_KEEP_REMOTE_FILES:
default: false
description: [Enables/disables the cleaning up of the temporary files Ansible used
to execute the tasks on the remote., If this option is enabled it will disable
``ANSIBLE_PIPELINING``.]
env:
- {name: ANSIBLE_KEEP_REMOTE_FILES}
ini:
- {key: keep_remote_files, section: defaults}
name: Keep remote files
type: boolean
DEFAULT_LIBVIRT_LXC_NOSECLABEL:
default: false
description: [This setting causes libvirt to connect to lxc containers by passing
--noseclabel to virsh. This is necessary when running on systems which do not
have SELinux.]
env:
- deprecated: {alternatives: the "ANSIBLE_LIBVIRT_LXC_NOSECLABEL" environment variable,
version: '2.12', why: environment variables without "ANSIBLE_" prefix are deprecated}
name: LIBVIRT_LXC_NOSECLABEL
- {name: ANSIBLE_LIBVIRT_LXC_NOSECLABEL}
ini:
- {key: libvirt_lxc_noseclabel, section: selinux}
name: No security label on Lxc
type: boolean
version_added: '2.1'
DEFAULT_LOAD_CALLBACK_PLUGINS:
default: false
description: ['Controls whether callback plugins are loaded when running /usr/bin/ansible.
This may be used to log activity from the command line, send notifications,
and so on. Callback plugins are always loaded for ``ansible-playbook``.']
env:
- {name: ANSIBLE_LOAD_CALLBACK_PLUGINS}
ini:
- {key: bin_ansible_callbacks, section: defaults}
name: Load callbacks for adhoc
type: boolean
version_added: '1.8'
DEFAULT_LOCAL_TMP:
default: ~/.ansible/tmp
description: Temporary directory for Ansible to use on the controller.
env:
- {name: ANSIBLE_LOCAL_TEMP}
ini:
- {key: local_tmp, section: defaults}
name: Controller temporary directory
type: tmppath
DEFAULT_LOG_FILTER:
default: []
description: List of logger names to filter out of the log file
env:
- {name: ANSIBLE_LOG_FILTER}
ini:
- {key: log_filter, section: defaults}
name: Name filters for python logger
type: list
DEFAULT_LOG_PATH:
default: null
description: File to which Ansible will log on the controller. When empty logging
is disabled.
env:
- {name: ANSIBLE_LOG_PATH}
ini:
- {key: log_path, section: defaults}
name: Ansible log file path
type: path
DEFAULT_LOOKUP_PLUGIN_PATH:
default: ~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup
description: Colon separated paths in which Ansible will search for Lookup Plugins.
env:
- {name: ANSIBLE_LOOKUP_PLUGINS}
ini:
- {key: lookup_plugins, section: defaults}
name: Lookup Plugins Path
type: pathspec
yaml: {key: defaults.lookup_plugins}
DEFAULT_MANAGED_STR:
default: Ansible managed
description: Sets the macro for the 'ansible_managed' variable available for M(template)
and M(win_template) modules. This is only relevant for those two modules.
env: []
ini:
- {key: ansible_managed, section: defaults}
name: Ansible managed
yaml: {key: defaults.ansible_managed}
DEFAULT_MODULE_ARGS:
default: ''
description: [This sets the default arguments to pass to the ``ansible`` adhoc binary
if no ``-a`` is specified.]
env:
- {name: ANSIBLE_MODULE_ARGS}
ini:
- {key: module_args, section: defaults}
name: Adhoc default arguments
DEFAULT_MODULE_COMPRESSION:
default: ZIP_DEFLATED
description: Compression scheme to use when transferring Python modules to the target.
env: []
ini:
- {key: module_compression, section: defaults}
name: Python module compression
DEFAULT_MODULE_LANG:
default: '{{ CONTROLLER_LANG }}'
deprecated: {version: '2.9', why: Modules are coded to set their own locale if needed
for screenscraping}
description: [Language locale setting to use for modules when they execute on the
target., If empty it tries to set itself to the LANG environment variable on
the controller., This is only used if DEFAULT_MODULE_SET_LOCALE is set to true]
env:
- {name: ANSIBLE_MODULE_LANG}
ini:
- {key: module_lang, section: defaults}
name: Target language environment
DEFAULT_MODULE_NAME:
default: command
description: Module to use with the ``ansible`` AdHoc command, if none is specified
via ``-m``.
env: []
ini:
- {key: module_name, section: defaults}
name: Default adhoc module
DEFAULT_MODULE_PATH:
default: ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
description: Colon separated paths in which Ansible will search for Modules.
env:
- {name: ANSIBLE_LIBRARY}
ini:
- {key: library, section: defaults}
name: Modules Path
type: pathspec
DEFAULT_MODULE_SET_LOCALE:
default: false
deprecated: {version: '2.9', why: Modules are coded to set their own locale if needed
for screenscraping}
description: [Controls if we set locale for modules when executing on the target.]
env:
- {name: ANSIBLE_MODULE_SET_LOCALE}
ini:
- {key: module_set_locale, section: defaults}
name: Target locale
type: boolean
DEFAULT_MODULE_UTILS_PATH:
default: ~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils
description: Colon separated paths in which Ansible will search for Module utils
files, which are shared by modules.
env:
- {name: ANSIBLE_MODULE_UTILS}
ini:
- {key: module_utils, section: defaults}
name: Module Utils Path
type: pathspec
DEFAULT_NETCONF_PLUGIN_PATH:
default: ~/.ansible/plugins/netconf:/usr/share/ansible/plugins/netconf
description: Colon separated paths in which Ansible will search for Netconf Plugins.
env:
- {name: ANSIBLE_NETCONF_PLUGINS}
ini:
- {key: netconf_plugins, section: defaults}
name: Netconf Plugins Path
type: pathspec
DEFAULT_NO_LOG:
default: false
description: Toggle Ansible's display and logging of task details, mainly used to
avoid security disclosures.
env:
- {name: ANSIBLE_NO_LOG}
ini:
- {key: no_log, section: defaults}
name: No log
type: boolean
DEFAULT_NO_TARGET_SYSLOG:
default: false
description: Toggle Ansible logging to syslog on the target when it executes tasks.
env:
- {name: ANSIBLE_NO_TARGET_SYSLOG}
ini:
- {key: no_target_syslog, section: defaults}
name: No syslog on target
type: boolean
yaml: {key: defaults.no_target_syslog}
DEFAULT_NULL_REPRESENTATION:
default: null
description: What templating should return as a 'null' value. When not set it will
let Jinja2 decide.
env:
- {name: ANSIBLE_NULL_REPRESENTATION}
ini:
- {key: null_representation, section: defaults}
name: Represent a null
type: none
DEFAULT_POLL_INTERVAL:
default: 15
description: ['For asynchronous tasks in Ansible (covered in Asynchronous Actions
and Polling), this is how often to check back on the status of those tasks when
an explicit poll interval is not supplied. The default is a reasonably moderate
15 seconds which is a tradeoff between checking in frequently and providing
a quick turnaround when something may have completed.']
env:
- {name: ANSIBLE_POLL_INTERVAL}
ini:
- {key: poll_interval, section: defaults}
name: Async poll interval
type: integer
DEFAULT_PRIVATE_KEY_FILE:
default: null
description: ['Option for connections using a certificate or key file to authenticate,
rather than an agent or passwords, you can set the default value here to avoid
re-specifying --private-key with every invocation.']
env:
- {name: ANSIBLE_PRIVATE_KEY_FILE}
ini:
- {key: private_key_file, section: defaults}
name: Private key file
type: path
DEFAULT_PRIVATE_ROLE_VARS:
default: false
description: [Makes role variables inaccessible from other roles., This was introduced
as a way to reset role variables to default values if a role is used more than
once in a playbook.]
env:
- {name: ANSIBLE_PRIVATE_ROLE_VARS}
ini:
- {key: private_role_vars, section: defaults}
name: Private role variables
type: boolean
yaml: {key: defaults.private_role_vars}
DEFAULT_REMOTE_PORT:
default: null
description: Port to use in remote connections, when blank it will use the connection
plugin default.
env:
- {name: ANSIBLE_REMOTE_PORT}
ini:
- {key: remote_port, section: defaults}
name: Remote port
type: integer
yaml: {key: defaults.remote_port}
DEFAULT_REMOTE_USER:
default: null
description: [Sets the login user for the target machines, 'When blank it uses the
connection plugin''s default, normally the user currently executing Ansible.']
env:
- {name: ANSIBLE_REMOTE_USER}
ini:
- {key: remote_user, section: defaults}
name: Login/Remote User
DEFAULT_ROLES_PATH:
default: ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
description: Colon separated paths in which Ansible will search for Roles.
env:
- {name: ANSIBLE_ROLES_PATH}
expand_relative_paths: true
ini:
- {key: roles_path, section: defaults}
name: Roles path
type: pathspec
yaml: {key: defaults.roles_path}
DEFAULT_SCP_IF_SSH:
default: smart
description: [Preferred method to use when transferring files over ssh., 'When set
to smart, Ansible will try them until one succeeds or they all fail.', 'If set
to True, it will force ''scp'', if False it will use ''sftp''.']
env:
- {name: ANSIBLE_SCP_IF_SSH}
ini:
- {key: scp_if_ssh, section: ssh_connection}
DEFAULT_SELINUX_SPECIAL_FS:
default: fuse, nfs, vboxsf, ramfs, 9p
description: ['Some filesystems do not support safe operations and/or return inconsistent
errors, this setting makes Ansible ''tolerate'' those in the list w/o causing
fatal errors.', Data corruption may occur and writes are not always verified
when a filesystem is in the list.]
env: []
ini:
- {key: special_context_filesystems, section: selinux}
name: Problematic file systems
type: list
DEFAULT_SFTP_BATCH_MODE:
default: true
description: 'TODO: write it'
env:
- {name: ANSIBLE_SFTP_BATCH_MODE}
ini:
- {key: sftp_batch_mode, section: ssh_connection}
type: boolean
yaml: {key: ssh_connection.sftp_batch_mode}
DEFAULT_SQUASH_ACTIONS:
default: apk, apt, dnf, homebrew, openbsd_pkg, pacman, pip, pkgng, yum, zypper
deprecated: {alternatives: a list directly with the module argument, version: '2.11',
why: Loop squashing is deprecated and this configuration will no longer be used}
description: ['Ansible can optimise actions that call modules that support list
parameters when using ``with_`` looping. Instead of calling the module once
for each item, the module is called once with the full list.', 'The default
value for this setting is only for certain package managers, but it can be used
for any module.', 'Currently, this is only supported for modules that have a
name or pkg parameter, and only when the item is the only thing being passed
to the parameter.']
env:
- {name: ANSIBLE_SQUASH_ACTIONS}
ini:
- {key: squash_actions, section: defaults}
name: Squashable actions
type: list
version_added: '2.0'
DEFAULT_SSH_TRANSFER_METHOD:
default: null
description: unused?
env:
- {name: ANSIBLE_SSH_TRANSFER_METHOD}
ini:
- {key: transfer_method, section: ssh_connection}
DEFAULT_STDOUT_CALLBACK:
default: default
description: ['Set the main callback used to display Ansible output, you can only
have one at a time.', 'You can have many other callbacks, but just one can be
in charge of stdout.']
env:
- {name: ANSIBLE_STDOUT_CALLBACK}
ini:
- {key: stdout_callback, section: defaults}
name: Main display callback plugin
DEFAULT_STRATEGY:
default: linear
description: Set the default strategy used for plays.
env:
- {name: ANSIBLE_STRATEGY}
ini:
- {key: strategy, section: defaults}
name: Implied strategy
version_added: '2.3'
DEFAULT_STRATEGY_PLUGIN_PATH:
default: ~/.ansible/plugins/strategy:/usr/share/ansible/plugins/strategy
description: Colon separated paths in which Ansible will search for Strategy Plugins.
env:
- {name: ANSIBLE_STRATEGY_PLUGINS}
ini:
- {key: strategy_plugins, section: defaults}
name: Strategy Plugins Path
type: pathspec
DEFAULT_SU:
default: false
description: Toggle the use of "su" for tasks.
env:
- {name: ANSIBLE_SU}
ini:
- {key: su, section: defaults}
type: boolean
yaml: {key: defaults.su}
DEFAULT_SU_EXE:
default: su
deprecated: {alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_exe.'}
description: specify an "su" executable, otherwise it relies on PATH.
env:
- {name: ANSIBLE_SU_EXE}
ini:
- {key: su_exe, section: defaults}
name: su executable
DEFAULT_SU_FLAGS:
default: ''
deprecated: {alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_flags.'}
description: Flags to pass to su
env:
- {name: ANSIBLE_SU_FLAGS}
ini:
- {key: su_flags, section: defaults}
name: su flags
DEFAULT_SU_USER:
default: null
deprecated: {alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_user.'}
description: User you become when using "su", leaving it blank will use the default
configured on the target (normally root)
env:
- {name: ANSIBLE_SU_USER}
ini:
- {key: su_user, section: defaults}
name: su user
DEFAULT_SYSLOG_FACILITY:
default: LOG_USER
description: Syslog facility to use when Ansible logs to the remote target
env:
- {name: ANSIBLE_SYSLOG_FACILITY}
ini:
- {key: syslog_facility, section: defaults}
name: syslog facility
DEFAULT_TASK_INCLUDES_STATIC:
default: false
deprecated: {alternatives: 'None, as its already built into the decision between
include_tasks and import_tasks', version: '2.12', why: include itself is deprecated
and this setting will not matter in the future}
description: ['The `include` tasks can be static or dynamic, this toggles the default
expected behaviour if autodetection fails and it is not explicitly set in task.']
env:
- {name: ANSIBLE_TASK_INCLUDES_STATIC}
ini:
- {key: task_includes_static, section: defaults}
name: Task include static
type: boolean
version_added: '2.1'
DEFAULT_TERMINAL_PLUGIN_PATH:
default: ~/.ansible/plugins/terminal:/usr/share/ansible/plugins/terminal
description: Colon separated paths in which Ansible will search for Terminal Plugins.
env:
- {name: ANSIBLE_TERMINAL_PLUGINS}
ini:
- {key: terminal_plugins, section: defaults}
name: Terminal Plugins Path
type: pathspec
DEFAULT_TEST_PLUGIN_PATH:
default: ~/.ansible/plugins/test:/usr/share/ansible/plugins/test
description: Colon separated paths in which Ansible will search for Jinja2 Test
Plugins.
env:
- {name: ANSIBLE_TEST_PLUGINS}
ini:
- {key: test_plugins, section: defaults}
name: Jinja2 Test Plugins Path
type: pathspec
DEFAULT_TIMEOUT:
default: 10
description: This is the default timeout for connection plugins to use.
env:
- {name: ANSIBLE_TIMEOUT}
ini:
- {key: timeout, section: defaults}
name: Connection timeout
type: integer
DEFAULT_TRANSPORT:
default: smart
description: Default connection plugin to use, the 'smart' option will toggle between
'ssh' and 'paramiko' depending on controller OS and ssh versions
env:
- {name: ANSIBLE_TRANSPORT}
ini:
- {key: transport, section: defaults}
name: Connection plugin
DEFAULT_UNDEFINED_VAR_BEHAVIOR:
default: true
description: ['When True, this causes ansible templating to fail steps that reference
variable names that are likely typoed.', 'Otherwise, any ''{{ template_expression
}}'' that contains undefined variables will be rendered in a template or ansible
action line exactly as written.']
env:
- {name: ANSIBLE_ERROR_ON_UNDEFINED_VARS}
ini:
- {key: error_on_undefined_vars, section: defaults}
name: Jinja2 fail on undefined
type: boolean
version_added: '1.3'
DEFAULT_VARS_PLUGIN_PATH:
default: ~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars
description: Colon separated paths in which Ansible will search for Vars Plugins.
env:
- {name: ANSIBLE_VARS_PLUGINS}
ini:
- {key: vars_plugins, section: defaults}
name: Vars Plugins Path
type: pathspec
DEFAULT_VAULT_ENCRYPT_IDENTITY:
default: null
description: The vault_id to use for encrypting by default. If multiple vault_ids
are provided, this specifies which to use for encryption. The --encrypt-vault-id
cli option overrides the configured value.
env:
- {name: ANSIBLE_VAULT_ENCRYPT_IDENTITY}
ini:
- {key: vault_encrypt_identity, section: defaults}
name: Vault id to use for encryption
yaml: {key: defaults.vault_encrypt_identity}
DEFAULT_VAULT_IDENTITY:
default: default
description: The label to use for the default vault id label in cases where a vault
id label is not provided
env:
- {name: ANSIBLE_VAULT_IDENTITY}
ini:
- {key: vault_identity, section: defaults}
name: Vault id label
yaml: {key: defaults.vault_identity}
DEFAULT_VAULT_IDENTITY_LIST:
default: []
description: A list of vault-ids to use by default. Equivalent to multiple --vault-id
args. Vault-ids are tried in order.
env:
- {name: ANSIBLE_VAULT_IDENTITY_LIST}
ini:
- {key: vault_identity_list, section: defaults}
name: Default vault ids
type: list
yaml: {key: defaults.vault_identity_list}
DEFAULT_VAULT_ID_MATCH:
default: false
description: If true, decrypting vaults with a vault id will only try the password
from the matching vault-id
env:
- {name: ANSIBLE_VAULT_ID_MATCH}
ini:
- {key: vault_id_match, section: defaults}
name: Force vault id match
yaml: {key: defaults.vault_id_match}
DEFAULT_VAULT_PASSWORD_FILE:
default: null
description: The vault password file to use. Equivalent to --vault-password-file
or --vault-id
env:
- {name: ANSIBLE_VAULT_PASSWORD_FILE}
ini:
- {key: vault_password_file, section: defaults}
name: Vault password file
type: path
yaml: {key: defaults.vault_password_file}
DEFAULT_VERBOSITY:
default: 0
description: Sets the default verbosity, equivalent to the number of ``-v`` passed
in the command line.
env:
- {name: ANSIBLE_VERBOSITY}
ini:
- {key: verbosity, section: defaults}
name: Verbosity
type: integer
DEPRECATION_WARNINGS:
default: true
description: Toggle to control the showing of deprecation warnings
env:
- {name: ANSIBLE_DEPRECATION_WARNINGS}
ini:
- {key: deprecation_warnings, section: defaults}
name: Deprecation messages
type: boolean
DIFF_ALWAYS:
default: false
description: Configuration toggle to tell modules to show differences when in 'changed'
status, equivalent to ``--diff``.
env:
- {name: ANSIBLE_DIFF_ALWAYS}
ini:
- {key: always, section: diff}
name: Show differences
type: bool
DIFF_CONTEXT:
default: 3
description: How many lines of context to show when displaying the differences between
files.
env:
- {name: ANSIBLE_DIFF_CONTEXT}
ini:
- {key: context, section: diff}
name: Difference context
type: integer
DISPLAY_ARGS_TO_STDOUT:
default: false
description: ['Normally ``ansible-playbook`` will print a header for each task that
is run. These headers will contain the name: field from the task if you specified
one. If you didn''t then ``ansible-playbook`` uses the task''s action to help
you tell which task is presently running. Sometimes you run many of the same
action and so you want more information about the task to differentiate it from
others of the same action. If you set this variable to True in the config then
``ansible-playbook`` will also include the task''s arguments in the header.',
This setting defaults to False because there is a chance that you have sensitive
values in your parameters and you do not want those to be printed., 'If you
set this to True you should be sure that you have secured your environment''s
stdout (no one can shoulder surf your screen and you aren''t saving stdout to
an insecure file) or made sure that all of your playbooks explicitly added the
``no_log: True`` parameter to tasks which have sensitive values See How do I
keep secret data in my playbook? for more information.']
env:
- {name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT}
ini:
- {key: display_args_to_stdout, section: defaults}
name: Show task arguments
type: boolean
version_added: '2.1'
DISPLAY_SKIPPED_HOSTS:
default: true
description: Toggle to control displaying skipped task/host entries in a task in
the default callback
env:
- deprecated: {alternatives: the "ANSIBLE_DISPLAY_SKIPPED_HOSTS" environment variable,
version: '2.12', why: environment variables without "ANSIBLE_" prefix are deprecated}
name: DISPLAY_SKIPPED_HOSTS
- {name: ANSIBLE_DISPLAY_SKIPPED_HOSTS}
ini:
- {key: display_skipped_hosts, section: defaults}
name: Show skipped results
type: boolean
DOCSITE_ROOT_URL:
default: https://docs.ansible.com/ansible/
description: Root docsite URL used to generate docs URLs in warning/error text;
must be an absolute URL with valid scheme and trailing slash.
ini:
- {key: docsite_root_url, section: defaults}
name: Root docsite URL
version_added: '2.8'
DOC_FRAGMENT_PLUGIN_PATH:
default: ~/.ansible/plugins/doc_fragments:/usr/share/ansible/plugins/doc_fragments
description: Colon separated paths in which Ansible will search for Documentation
Fragments Plugins.
env:
- {name: ANSIBLE_DOC_FRAGMENT_PLUGINS}
ini:
- {key: doc_fragment_plugins, section: defaults}
name: documentation fragment plugins path
type: pathspec
ENABLE_TASK_DEBUGGER:
default: false
description: ['Whether or not to enable the task debugger, this previously was done
as a strategy plugin.', Now all strategy plugins can inherit this behavior.
The debugger defaults to activating when, a task is failed on unreachable. Use
the debugger keyword for more flexibility.]
env:
- {name: ANSIBLE_ENABLE_TASK_DEBUGGER}
ini:
- {key: enable_task_debugger, section: defaults}
name: Whether to enable the task debugger
type: boolean
version_added: '2.5'
ERROR_ON_MISSING_HANDLER:
default: true
description: Toggle to allow missing handlers to become a warning instead of an
error when notifying.
env:
- {name: ANSIBLE_ERROR_ON_MISSING_HANDLER}
ini:
- {key: error_on_missing_handler, section: defaults}
name: Missing handler error
type: boolean
FACTS_MODULES:
default: [smart]
description: Which modules to run during a play's fact gathering stage, using the
default of 'smart' will try to figure it out based on connection type.
env:
- {name: ANSIBLE_FACTS_MODULES}
ini:
- {key: facts_modules, section: defaults}
name: Gather Facts Modules
type: list
vars:
- {name: ansible_facts_modules}
GALAXY_IGNORE_CERTS:
default: false
description: ['If set to yes, ansible-galaxy will not validate TLS certificates.
This can be useful for testing against a server with a self-signed certificate.']
env:
- {name: ANSIBLE_GALAXY_IGNORE}
ini:
- {key: ignore_certs, section: galaxy}
name: Galaxy validate certs
type: boolean
GALAXY_ROLE_SKELETON:
default: null
description: Role skeleton directory to use as a template for the ``init`` action
in ``ansible-galaxy``, same as ``--role-skeleton``.
env:
- {name: ANSIBLE_GALAXY_ROLE_SKELETON}
ini:
- {key: role_skeleton, section: galaxy}
name: Galaxy skeleton direcotry
type: path
GALAXY_ROLE_SKELETON_IGNORE:
default: [^.git$, ^.*/.git_keep$]
description: patterns of files to ignore inside a galaxy role skeleton directory
env:
- {name: ANSIBLE_GALAXY_ROLE_SKELETON_IGNORE}
ini:
- {key: role_skeleton_ignore, section: galaxy}
name: Galaxy skeleton ignore
type: list
GALAXY_SERVER:
default: https://galaxy.ansible.com
description: URL to prepend when roles don't specify the full URI, assume they are
referencing this server as the source.
env:
- {name: ANSIBLE_GALAXY_SERVER}
ini:
- {key: server, section: galaxy}
yaml: {key: galaxy.server}
GALAXY_TOKEN:
default: null
description: GitHub personal access token
env:
- {name: ANSIBLE_GALAXY_TOKEN}
ini:
- {key: token, section: galaxy}
yaml: {key: galaxy.token}
HOST_KEY_CHECKING:
default: true
description: Set this to "False" if you want to avoid host key checking by the underlying
tools Ansible uses to connect to the host
env:
- {name: ANSIBLE_HOST_KEY_CHECKING}
ini:
- {key: host_key_checking, section: defaults}
name: Check host keys
type: boolean
HOST_PATTERN_MISMATCH:
choices: [warning, error, ignore]
default: warning
description: This setting changes the behaviour of mismatched host patterns, it
allows you to force a fatal error, a warning or just ignore it
env:
- {name: ANSIBLE_HOST_PATTERN_MISMATCH}
ini:
- {key: host_pattern_mismatch, section: inventory}
name: Control host pattern mismatch behaviour
version_added: '2.8'
INJECT_FACTS_AS_VARS:
default: true
description: ['Facts are available inside the `ansible_facts` variable, this setting
also pushes them as their own vars in the main namespace.', 'Unlike inside the
`ansible_facts` dictionary, these will have an `ansible_` prefix.']
env:
- {name: ANSIBLE_INJECT_FACT_VARS}
ini:
- {key: inject_facts_as_vars, section: defaults}
type: boolean
version_added: '2.5'
INTERPRETER_PYTHON:
default: auto_legacy
description: ['Path to the Python interpreter to be used for module execution on
remote targets, or an automatic discovery mode. Supported discovery modes are
``auto``, ``auto_silent``, and ``auto_legacy`` (the default). All discovery
modes employ a lookup table to use the included system Python (on distributions
known to include one), falling back to a fixed ordered list of well-known Python
interpreter locations if a platform-specific default is not available. The fallback
behavior will issue a warning that the interpreter should be set explicitly
(since interpreters installed later may change which one is used). This warning
behavior can be disabled by setting ``auto_silent``. The default value of ``auto_legacy``
provides all the same behavior, but for backwards-compatibility with older Ansible
releases that always defaulted to ``/usr/bin/python``, will use that interpreter
if present (and issue a warning that the default behavior will change to that
of ``auto`` in a future Ansible release.']
env:
- {name: ANSIBLE_PYTHON_INTERPRETER}
ini:
- {key: interpreter_python, section: defaults}
name: Python interpreter path (or automatic discovery behavior) used for module
execution
vars:
- {name: ansible_python_interpreter}
version_added: '2.8'
INTERPRETER_PYTHON_DISTRO_MAP:
default:
centos: &id001 {'6': /usr/bin/python, '8': /usr/libexec/platform-python}
fedora: {'23': /usr/bin/python3}
redhat: *id001
rhel: *id001
ubuntu: {'14': /usr/bin/python, '16': /usr/bin/python3}
name: Mapping of known included platform pythons for various Linux distros
version_added: '2.8'
INTERPRETER_PYTHON_FALLBACK:
default: [/usr/bin/python, python3.7, python3.6, python3.5, python2.7, python2.6,
/usr/libexec/platform-python, /usr/bin/python3, python]
name: Ordered list of Python interpreters to check for in discovery
version_added: '2.8'
INVALID_TASK_ATTRIBUTE_FAILED:
default: true
description: If 'false', invalid attributes for a task will result in warnings instead
of errors
env:
- {name: ANSIBLE_INVALID_TASK_ATTRIBUTE_FAILED}
ini:
- {key: invalid_task_attribute_failed, section: defaults}
name: Controls whether invalid attributes for a task result in errors instead of
warnings
type: boolean
version_added: '2.7'
INVENTORY_ANY_UNPARSED_IS_FAILED:
default: false
description: 'If ''true'', it is a fatal error when any given inventory source cannot
be successfully parsed by any available inventory plugin; otherwise, this situation
only attracts a warning.
'
env:
- {name: ANSIBLE_INVENTORY_ANY_UNPARSED_IS_FAILED}
ini:
- {key: any_unparsed_is_failed, section: inventory}
name: Controls whether any unparseable inventory source is a fatal error
type: boolean
version_added: '2.7'
INVENTORY_CACHE_ENABLED:
default: false
description: Toggle to turn on inventory caching
env:
- {name: ANSIBLE_INVENTORY_CACHE}
ini:
- {key: cache, section: inventory}
name: Inventory caching enabled
type: bool
INVENTORY_CACHE_PLUGIN:
description: The plugin for caching inventory. If INVENTORY_CACHE_PLUGIN is not
provided CACHE_PLUGIN can be used instead.
env:
- {name: ANSIBLE_INVENTORY_CACHE_PLUGIN}
ini:
- {key: cache_plugin, section: inventory}
name: Inventory cache plugin
INVENTORY_CACHE_PLUGIN_CONNECTION:
description: The inventory cache connection. If INVENTORY_CACHE_PLUGIN_CONNECTION
is not provided CACHE_PLUGIN_CONNECTION can be used instead.
env:
- {name: ANSIBLE_INVENTORY_CACHE_CONNECTION}
ini:
- {key: cache_connection, section: inventory}
name: Inventory cache plugin URI to override the defaults section
INVENTORY_CACHE_PLUGIN_PREFIX:
default: ansible_facts
description: The table prefix for the cache plugin. If INVENTORY_CACHE_PLUGIN_PREFIX
is not provided CACHE_PLUGIN_PREFIX can be used instead.
env:
- {name: ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX}
ini:
- {key: cache_prefix, section: inventory}
name: Inventory cache plugin table prefix
INVENTORY_CACHE_TIMEOUT:
default: 3600
description: Expiration timeout for the inventory cache plugin data. If INVENTORY_CACHE_TIMEOUT
is not provided CACHE_TIMEOUT can be used instead.
env:
- {name: ANSIBLE_INVENTORY_CACHE_TIMEOUT}
ini:
- {key: cache_timeout, section: inventory}
name: Inventory cache plugin expiration timeout
INVENTORY_ENABLED:
default: [host_list, script, auto, yaml, ini, toml]
description: List of enabled inventory plugins, it also determines the order in
which they are used.
env:
- {name: ANSIBLE_INVENTORY_ENABLED}
ini:
- {key: enable_plugins, section: inventory}
name: Active Inventory plugins
type: list
INVENTORY_EXPORT:
default: false
description: Controls if ansible-inventory will accurately reflect Ansible's view
into inventory or its optimized for exporting.
env:
- {name: ANSIBLE_INVENTORY_EXPORT}
ini:
- {key: export, section: inventory}
name: Set ansible-inventory into export mode
type: bool
INVENTORY_IGNORE_EXTS:
default: '{{(BLACKLIST_EXTS + ( ''.orig'', ''.ini'', ''.cfg'', ''.retry''))}}'
description: List of extensions to ignore when using a directory as an inventory
source
env:
- {name: ANSIBLE_INVENTORY_IGNORE}
ini:
- {key: inventory_ignore_extensions, section: defaults}
- {key: ignore_extensions, section: inventory}
name: Inventory ignore extensions
type: list
INVENTORY_IGNORE_PATTERNS:
default: []
description: List of patterns to ignore when using a directory as an inventory source
env:
- {name: ANSIBLE_INVENTORY_IGNORE_REGEX}
ini:
- {key: inventory_ignore_patterns, section: defaults}
- {key: ignore_patterns, section: inventory}
name: Inventory ignore patterns
type: list
INVENTORY_UNPARSED_IS_FAILED:
default: false
description: 'If ''true'' it is a fatal error if every single potential inventory
source fails to parse, otherwise this situation will only attract a warning.
'
env:
- {name: ANSIBLE_INVENTORY_UNPARSED_FAILED}
ini:
- {key: unparsed_is_failed, section: inventory}
name: Unparsed Inventory failure
type: bool
LOCALHOST_WARNING:
default: true
description: [By default Ansible will issue a warning when there are no hosts in
the inventory., These warnings can be silenced by adjusting this setting to
False.]
env:
- {name: ANSIBLE_LOCALHOST_WARNING}
ini:
- {key: localhost_warning, section: defaults}
name: Warning when using implicit inventory with only localhost
type: boolean
version_added: '2.6'
MAX_FILE_SIZE_FOR_DIFF:
default: 104448
description: Maximum size of files to be considered for diff display
env:
- {name: ANSIBLE_MAX_DIFF_SIZE}
ini:
- {key: max_diff_size, section: defaults}
name: Diff maximum file size
type: int
NETCONF_SSH_CONFIG:
default: null
description: This variable is used to enable bastion/jump host with netconf connection.
If set to True the bastion/jump host ssh settings should be present in ~/.ssh/config
file, alternatively it can be set to custom ssh configuration file path to read
the bastion/jump host settings.
env:
- {name: ANSIBLE_NETCONF_SSH_CONFIG}
ini:
- {key: ssh_config, section: netconf_connection}
yaml: {key: netconf_connection.ssh_config}
NETWORK_GROUP_MODULES:
default: [eos, nxos, ios, iosxr, junos, enos, ce, vyos, sros, dellos9, dellos10,
dellos6, asa, aruba, aireos, bigip, ironware, onyx, netconf]
description: 'TODO: write it'
env:
- deprecated: {alternatives: the "ANSIBLE_NETWORK_GROUP_MODULES" environment variable,
version: '2.12', why: environment variables without "ANSIBLE_" prefix are deprecated}
name: NETWORK_GROUP_MODULES
- {name: ANSIBLE_NETWORK_GROUP_MODULES}
ini:
- {key: network_group_modules, section: defaults}
name: Network module families
type: list
yaml: {key: defaults.network_group_modules}
OLD_PLUGIN_CACHE_CLEARING:
default: false
description: Previouslly Ansible would only clear some of the plugin loading caches
when loading new roles, this led to some behaviours in which a plugin loaded in
prevoius plays would be unexpectedly 'sticky'. This setting allows to return to
that behaviour.
env:
- {name: ANSIBLE_OLD_PLUGIN_CACHE_CLEAR}
ini:
- {key: old_plugin_cache_clear, section: defaults}
type: boolean
version_added: '2.8'
PARAMIKO_HOST_KEY_AUTO_ADD:
default: false
description: 'TODO: write it'
env:
- {name: ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD}
ini:
- {key: host_key_auto_add, section: paramiko_connection}
type: boolean
PARAMIKO_LOOK_FOR_KEYS:
default: true
description: 'TODO: write it'
env:
- {name: ANSIBLE_PARAMIKO_LOOK_FOR_KEYS}
ini:
- {key: look_for_keys, section: paramiko_connection}
name: look for keys
type: boolean
PERSISTENT_COMMAND_TIMEOUT:
default: 30
description: This controls the amount of time to wait for response from remote device
before timing out presistent connection.
env:
- {name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT}
ini:
- {key: command_timeout, section: persistent_connection}
name: Persistence command timeout
type: int
PERSISTENT_CONNECT_RETRY_TIMEOUT:
default: 15
description: This controls the retry timeout for presistent connection to connect
to the local domain socket.
env:
- {name: ANSIBLE_PERSISTENT_CONNECT_RETRY_TIMEOUT}
ini:
- {key: connect_retry_timeout, section: persistent_connection}
name: Persistence connection retry timeout
type: integer
PERSISTENT_CONNECT_TIMEOUT:
default: 30
description: This controls how long the persistent connection will remain idle before
it is destroyed.
env:
- {name: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT}
ini:
- {key: connect_timeout, section: persistent_connection}
name: Persistence timeout
type: integer
PERSISTENT_CONTROL_PATH_DIR:
default: ~/.ansible/pc
description: Path to socket to be used by the connection persistence system.
env:
- {name: ANSIBLE_PERSISTENT_CONTROL_PATH_DIR}
ini:
- {key: control_path_dir, section: persistent_connection}
name: Persistence socket path
type: path
PLAYBOOK_VARS_ROOT:
choices: [top, bottom, all]
default: top
description: ['This sets which playbook dirs will be used as a root to process vars
plugins, which includes finding host_vars/group_vars', The ``top`` option follows
the traditional behaviour of using the top playbook in the chain to find the
root directory., The ``bottom`` option follows the 2.4.0 behaviour of using
the current playbook to find the root directory., The ``all`` option examines
from the first parent to the current playbook.]
env:
- {name: ANSIBLE_PLAYBOOK_VARS_ROOT}
ini:
- {key: playbook_vars_root, section: defaults}
name: playbook vars files root
version_added: 2.4.1
PLUGIN_FILTERS_CFG:
default: null
description: [A path to configuration for filtering which plugins installed on the
system are allowed to be used., 'See :ref:`plugin_filtering_config` for details
of the filter file''s format.', ' The default is /etc/ansible/plugin_filters.yml']
ini:
- deprecated: {alternatives: the "defaults" section instead, version: '2.12', why: Specifying
"plugin_filters_cfg" under the "default" section is deprecated}
key: plugin_filters_cfg
section: default
- {key: plugin_filters_cfg, section: defaults}
name: Config file for limiting valid plugins
type: path
version_added: 2.5.0
PYTHON_MODULE_RLIMIT_NOFILE:
default: 0
description: ['Attempts to set RLIMIT_NOFILE soft limit to the specified value when
executing Python modules (can speed up subprocess usage on Python 2.x. See https://bugs.python.org/issue11284).
The value will be limited by the existing hard limit. Default value of 0 does
not attempt to adjust existing system-defined limits.']
env:
- {name: ANSIBLE_PYTHON_MODULE_RLIMIT_NOFILE}
ini:
- {key: python_module_rlimit_nofile, section: defaults}
name: Adjust maximum file descriptor soft limit during Python module execution
vars:
- {name: ansible_python_module_rlimit_nofile}
version_added: '2.8'
RETRY_FILES_ENABLED:
default: false
description: This controls whether a failed Ansible playbook should create a .retry
file.
env:
- {name: ANSIBLE_RETRY_FILES_ENABLED}
ini:
- {key: retry_files_enabled, section: defaults}
name: Retry files
type: bool
RETRY_FILES_SAVE_PATH:
default: null
description: This sets the path in which Ansible will save .retry files when a playbook
fails and retry files are enabled.
env:
- {name: ANSIBLE_RETRY_FILES_SAVE_PATH}
ini:
- {key: retry_files_save_path, section: defaults}
name: Retry files path
type: path
SHOW_CUSTOM_STATS:
default: false
description: This adds the custom stats set via the set_stats plugin to the default
output
env:
- {name: ANSIBLE_SHOW_CUSTOM_STATS}
ini:
- {key: show_custom_stats, section: defaults}
name: Display custom stats
type: bool
STRING_CONVERSION_ACTION:
default: warn
description: ['Action to take when a module parameter value is converted to a string
(this does not affect variables). For string parameters, values such as ''1.00'',
"[''a'', ''b'',]", and ''yes'', ''y'', etc. will be converted by the YAML parser
unless fully quoted.', 'Valid options are ''error'', ''warn'', and ''ignore''.',
'Since 2.8, this option defaults to ''warn'' but will change to ''error'' in 2.12.']
env:
- {name: ANSIBLE_STRING_CONVERSION_ACTION}
ini:
- {key: string_conversion_action, section: defaults}
type: string
version_added: '2.8'
STRING_TYPE_FILTERS:
default: [string, to_json, to_nice_json, to_yaml, ppretty, json]
description: [This list of filters avoids 'type conversion' when templating variables,
'Useful when you want to avoid conversion into lists or dictionaries for JSON
strings, for example.']
env:
- {name: ANSIBLE_STRING_TYPE_FILTERS}
ini:
- {key: dont_type_filters, section: jinja2}
name: Filters to preserve strings
type: list
SYSTEM_WARNINGS:
default: true
description: [Allows disabling of warnings related to potential issues on the system
running ansible itself (not on the managed hosts), These may include warnings
about 3rd party packages or other conditions that should be resolved if possible.]
env:
- {name: ANSIBLE_SYSTEM_WARNINGS}
ini:
- {key: system_warnings, section: defaults}
name: System warnings
type: boolean
TAGS_RUN:
default: []
description: default list of tags to run in your plays, Skip Tags has precedence.
env:
- {name: ANSIBLE_RUN_TAGS}
ini:
- {key: run, section: tags}
name: Run Tags
type: list
version_added: '2.5'
TAGS_SKIP:
default: []
description: default list of tags to skip in your plays, has precedence over Run
Tags
env:
- {name: ANSIBLE_SKIP_TAGS}
ini:
- {key: skip, section: tags}
name: Skip Tags
type: list
version_added: '2.5'
TASK_DEBUGGER_IGNORE_ERRORS:
default: true
description: [This option defines whether the task debugger will be invoked on a
failed task when ignore_errors=True is specified., 'True specifies that the
debugger will honor ignore_errors, False will not honor ignore_errors.']
env:
- {name: ANSIBLE_TASK_DEBUGGER_IGNORE_ERRORS}
ini:
- {key: task_debugger_ignore_errors, section: defaults}
name: Whether a failed task with ignore_errors=True will still invoke the debugger
type: boolean
version_added: '2.7'
TRANSFORM_INVALID_GROUP_CHARS:
choices: [always, never, ignore, silently]
default: never
description: [Make ansible transform invalid characters in group names supplied
by inventory sources., If 'never' it will allow for the group name but warn
about the issue., 'When ''ignore'', it does the same as ''never'', without issuing
a warning.', When 'always' it will replace any invalid charachters with '_'
(underscore) and warn the user, 'When ''silently'', it does the same as ''always'',
without issuing a warning.']
env:
- {name: ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS}
ini:
- {key: force_valid_group_names, section: defaults}
name: Transform invalid characters in group names
type: string
version_added: '2.8'
USE_PERSISTENT_CONNECTIONS:
default: false
description: Toggles the use of persistence for connections.
env:
- {name: ANSIBLE_USE_PERSISTENT_CONNECTIONS}
ini:
- {key: use_persistent_connections, section: defaults}
name: Persistence
type: boolean
VARIABLE_PRECEDENCE:
default: [all_inventory, groups_inventory, all_plugins_inventory, all_plugins_play,
groups_plugins_inventory, groups_plugins_play]
description: Allows to change the group variable precedence merge order.
env:
- {name: ANSIBLE_PRECEDENCE}
ini:
- {key: precedence, section: defaults}
name: Group variable precedence
type: list
version_added: '2.4'
VERBOSE_TO_STDERR:
default: false
description: [Force 'verbose' option to use stderr instead of stdout]
env:
- {name: ANSIBLE_VERBOSE_TO_STDERR}
ini:
- {key: verbose_to_stderr, section: defaults}
type: bool
version_added: '2.8'
YAML_FILENAME_EXTENSIONS:
default: [.yml, .yaml, .json]
description: [Check all of these extensions when looking for 'variable' files which
should be YAML or JSON or vaulted versions of these., 'This affects vars_files,
include_vars, inventory and vars plugins among others.']
env:
- {name: ANSIBLE_YAML_FILENAME_EXT}
ini:
- {key: yaml_valid_extensions, section: defaults}
name: Valid YAML extensions
type: list